Platform

HIPAA Projects


You can use Supabase to store and process Protected Health Information (PHI). If you want to start developing healthcare apps on Supabase, reach out to the Supabase team here to sign the Business Associate Agreement (BAA).

Configuring a HIPAA project

When the HIPAA add-on is enabled on an organization, projects within the organization can be configured as High Compliance. This configuration can be found in the General Project Settings page of the dashboard. Once enabled, additional security checks will be run against the project to ensure the deployed configuration is compliant. These checks are performed on a continual basis and security warnings will appear in the Security Advisor if a non-compliant setting is detected.

The required project configuration is outlined in the shared responsibility model for managing healthcare data.

These include:

Additional security checks and controls will be added as the security advisor is extended and additional security controls are made available.